CAMC generation and verification failed generated through CSEc compared to offline one

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CAMC generation and verification failed generated through CSEc compared to offline one

560 Views
baseerahmadpiracha
Contributor III

Dear NXP Support Team,

I am currently facing an issue with CMAC generation and verification on S32K144 that uses the CSEc module. Specifically, I have noticed that the CMAC generated through the CSEc module is failing verification when compared to an offline CMAC generated using the same key and data from an open source tool which we intend to use in our host PC afterwards.

Can you please provide guidance on how to troubleshoot this issue? Are there any known limitations or constraints that I should be aware of when using the CSEc module for CMAC generation and verification? Are there any specific settings or configurations that I need to ensure are properly configured to ensure successful CMAC generation and verification through the CSEc module?

Secondly, i would like to ask you about the secure boot functionality of the said MCU. Is there any defined mechanism to enable the secure boot automatically within the MCU or we have to implement it on own side. If there is any defined mechanism kindly guide us how to implement it.

Thank you in advance for your assistance with this matter.

Best regards,

Baseer

Tags (1)
0 Kudos
Reply
1 Reply

541 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @baseerahmadpiracha 

regarding the CMAC, see please my answer here:

https://community.nxp.com/t5/S32K/S32K116-Bricked-after-CSEc-Operations/m-p/1181462/highlight/true#M...

I used test vectors from SHE specification to confirm that the CMAC is generated correctly. The test vector is the best option for start.

Regarding secure boot, you can take a look at this application note:

https://www.nxp.com/webapp/Download?colCode=AN5401&location=null

https://www.nxp.com/webapp/Download?colCode=AN5401SW&location=null

Section "4.4 Secure Boot" explain this in detail. Example "4_secure_boot_add_BOOT_MAC_manual" shows how to enable the secure boot and how to add boot MAC - either automatically or manually.

If you use SDK, you can take a look at this example:

c:\NXP\S32DS.3.4\S32DS\software\S32SDK_S32K1XX_RTM_4.0.3\examples\S32K144\demo_apps\csec_boot_protection\

But I recommend to study AN5401 anyway before using SDK version.

Regards,

Lukas

0 Kudos
Reply